forked from ratify-project/ratify
-
Notifications
You must be signed in to change notification settings - Fork 0
94 lines (90 loc) · 4.32 KB
/
publish-dev-assets.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
name: publish-dev-assets
on:
schedule:
- cron: '30 8 * * 0' # early morning (08:30 UTC) every Sunday
workflow_dispatch:
permissions: read-all
jobs:
build:
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: prepare
id: prepare
run: |
DATE=$(date +'%Y%m%d')
COMMIT=${{ github.sha }}
REPOSITORY=ghcr.io/${{ github.repository }}
CHART_REPOSITORY=${REPOSITORY}-chart-dev
VERSION=dev.${DATE}.${COMMIT:0:7}
SEM_VERSION=0-${VERSION}
SEM_VERSION_ROLLING=0-dev
REPOSITORY_PLUGINS=${REPOSITORY}-dev
REPOSITORYBASE=${REPOSITORY}-base-dev
REPOSITORYCRD=${REPOSITORY}-crds-dev
echo ::set-output name=version::${VERSION}
echo ::set-output name=semversion::${SEM_VERSION}
echo ::set-output name=semversionrolling::${SEM_VERSION_ROLLING}
echo ::set-output name=chartrepo::${CHART_REPOSITORY}
echo ::set-output name=ref::${REPOSITORY_PLUGINS}
echo ::set-output name=baseref::${REPOSITORYBASE}
echo ::set-output name=crdref::${REPOSITORYCRD}
- name: docker login
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: docker build ratify-crds
run: |
docker buildx create --use
docker buildx build --build-arg KUBE_VERSION="1.29.2" -f crd.Dockerfile --platform linux/amd64,linux/arm64,linux/arm/v7 --label org.opencontainers.image.revision=${{ github.sha }} -t ${{ steps.prepare.outputs.crdref }}:${{ steps.prepare.outputs.version }} -t ${{ steps.prepare.outputs.crdref }} --push ./charts/ratify/crds
- name: docker build ratify base
run: |
docker buildx create --use
docker buildx build -f ./httpserver/Dockerfile \
--platform linux/amd64,linux/arm64,linux/arm/v7 \
--build-arg LDFLAGS="-X github.com/ratify-project/ratify/internal/version.Version=$(TAG)" \
--label org.opencontainers.image.revision=${{ github.sha }} \
-t ${{ steps.prepare.outputs.baseref }}:${{ steps.prepare.outputs.version }} \
-t ${{ steps.prepare.outputs.baseref }} \
--push .
- name: docker build ratify with plugin
run: |
docker buildx create --use
docker buildx build -f ./httpserver/Dockerfile \
--platform linux/amd64,linux/arm64,linux/arm/v7 \
--build-arg build_sbom=true \
--build-arg build_licensechecker=true \
--build-arg build_schemavalidator=true \
--build-arg build_vulnerabilityreport=true \
--build-arg LDFLAGS="-X github.com/ratify-project/ratify/internal/version.Version=$(TAG)" \
--label org.opencontainers.image.revision=${{ github.sha }} \
-t ${{ steps.prepare.outputs.ref }}:${{ steps.prepare.outputs.version }} \
-t ${{ steps.prepare.outputs.ref }} \
--push .
- name: replace version
run: |
sed -i '/^ repository:/c\ repository: ghcr.io/ratify-project/ratify-dev' charts/ratify/values.yaml
sed -i '/^ crdRepository:/c\ crdRepository: ghcr.io/ratify-project/ratify-crds-dev' charts/ratify/values.yaml
sed -i '/^ tag:/c\ tag: ${{ steps.prepare.outputs.version }}' charts/ratify/values.yaml
- name: helm package
run: |
helm package ./charts/ratify --version ${{ steps.prepare.outputs.semversion }}
helm package ./charts/ratify --version ${{ steps.prepare.outputs.semversionrolling }}
- name: helm push
run: |
helm push ratify-${{ steps.prepare.outputs.semversion }}.tgz oci://${{ steps.prepare.outputs.chartrepo }}
helm push ratify-${{ steps.prepare.outputs.semversionrolling }}.tgz oci://${{ steps.prepare.outputs.chartrepo }}
- name: clear
if: always()
run: |
rm -f ${HOME}/.docker/config.json